Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2224
Views
0
Helpful
18
Replies

NAC 4.7 "CAS unavailable" temporary role

mecampr
Level 1
Level 1

‎07-16-2010 06:23 AM - edited ‎02-21-2020 04:01 AM

I have a VGW, OOB with layer 3 enabled pilot deployment right now. Everything looks fine. However, about

30% of the time (and its increasing) when I log on using the 4.7 agent, the agent will give me the error that the cas is unavialbe on the network. When I check the CAM, the user can be viewed on the monitoring tab, in-band and placed in the temporary role. (highlighted quarantined)

When i kick the user, more often than not , the user can log back in and it places him in the oob role that he is assigned to and all works fine.

core switch -----------cas/cam

     |

distribution switch

     |

End user switch---------end user pc

Any ideas as to why when placed in the temp role transitioning to the authenticated role it would lose contact???? and why would it be placed in the in-band section of the monitoring online users?

0 Helpful
18 Replies 18

mecampr
Level 1
Level 1
In response to mecampr

‎07-22-2010 07:29 AM

im still waiting for TAC as i sent them lots of info so hopefully once they wade through it the answer may appear...however I noticed a couple of things that may improve my knowledge as well...

in 4.7 the ehternet filters...do i need this enabled for remediation, im running a vgw oob with layer 3 checked. The client fails is a layer 2 client. It fails when asked to do any kind of checks. To me it seems that it is maybe not put/kept in a vlan or something....I believe by default it should remain in the auth vlan when it is in phase 2 remediation. In the temp role, if i edit it I see the variable to change the vlan for the role....although this says it is only for the normal logon.

my question is this....do i need to change the filters to be enabled for ethernet, allowing all for the temp role and the roles created for the users?

Also would i need to add  the role vlan to the temp user?

0 Helpful

mecampr
Level 1
Level 1
In response to mecampr

‎07-22-2010 01:36 PM

TAC said the issue has only been seen with packet loss and out of order packets. Im running all cisco switches, voip etc. network utilization is about 3 %..any ideas im at a loss, all interface stastics are fine...no network problems whatsoever. Running out of ideas

0 Helpful

Faisal Sehbai
Level 7
Level 7
In response to mecampr

‎07-22-2010 01:39 PM

Rick,

Can you private-msg me the TAC SR?

Thanks,

Faisal

0 Helpful

mecampr
Level 1
Level 1
In response to Faisal Sehbai

‎07-22-2010 07:07 PM

I sent your the SR, if you check your inbox

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card